[TOOL]FIDO Conformance Tools v1.7.0


Daniel Tsai

Aug 9, 2022, 1:17:58 AM
to fido...@fidoalliance.org
Hi,
Using the conformance tool v1.5.2 is okay, but after changing to v1.7.0 we get the errors below. We don't know how to solve them. Can you give some suggestions to solve this?

Server-ServerAuthenticatorAttestationResponse-Resp-5 Test server processing "packed" FULL attestation 

F-10 Send ServerAuthenticatorAttestationResponse with FULL "packed" attestation, with attStmt.x5c containing full chain, and check that server returns an error

Error: the string "Promise succeded when expected to fail!" was thrown, throw an Error :)


F-2 Send ServerAuthenticatorAttestationResponse with SELF "packed" attestation, that contains full attestation, and check that server returns an error

Error: the string "Promise succeded when expected to fail!" was thrown, throw an Error :)


--
============================
Daniel Tsai (蔡沛勳)
TEL: 0922021468
E-Mail: pst....@gmail.com
============================

Shane Weeden

Aug 9, 2022, 1:32:55 AM
to Daniel Tsai, fido...@fidoalliance.org
Personally I don’t agree with the rules of the first test case. See https://github.com/fido-alliance/conformance-test-tools-resources/issues/678




Philipp Junghannß

Aug 9, 2022, 1:49:32 AM
to Shane Weeden, Daniel Tsai, FIDO Dev (fido-dev)
Sounds to me like usually you only get one attestation cert rather than a full chain, and they expect you to error out when you get a full chain.

Ackermann Yuriy

Aug 9, 2022, 2:33:47 AM
to Daniel Tsai, FIDO Dev (fido-dev)
These two tests were in the conformance tools since day one.

The first test checks that you follow RFC 5280 and avoid duplicate certificates.

The second checks that if you have an authenticator that advertises support only for SELF (SURROGATE) attestation, and it suddenly returns FULL, that obviously won't work.

Don't forget to update your metadata.

Thanks.
Yuriy


Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand


--
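
The two server-side checks described in the reply above, as an added example that is not part of the thread or of the conformance tools' code. It assumes "full chain" means `x5c` carries a root certificate that the metadata statement already lists, reads the MDS3 fields `attestationTypes` and `attestationRootCertificates`, and uses a hypothetical helper `checkPackedAttestationPolicy` with constructed byte strings standing in for DER certificates.

```javascript
// Added example: policy checks on a decoded "packed" attStmt, run before
// certificate path validation. All sample values are constructed.

// Constructed stand-ins for DER certificates (real ones come from CBOR / MDS3).
const LEAF = Buffer.from('constructed-leaf-cert');
const INTERMEDIATE = Buffer.from('constructed-intermediate-cert');
const ROOT = Buffer.from('constructed-root-cert');

// Constructed MDS3-style metadata statements (only the fields used here).
const fullMetadata = {
  attestationTypes: ['basic_full'],
  attestationRootCertificates: [ROOT.toString('base64')],
};
const selfOnlyMetadata = {
  attestationTypes: ['basic_surrogate'],
  attestationRootCertificates: [],
};

// Hypothetical helper: returns null when acceptable, else a rejection reason.
function checkPackedAttestationPolicy(attStmt, metadata) {
  const x5c = attStmt.x5c || [];
  const types = metadata.attestationTypes || [];

  if (x5c.length === 0) {
    // No x5c means SELF (surrogate) attestation.
    return types.includes('basic_surrogate')
      ? null
      : 'metadata does not allow SELF attestation';
  }
  // x5c present means FULL attestation: the metadata must advertise it.
  if (!types.includes('basic_full')) {
    return 'authenticator advertises SELF only but returned FULL';
  }
  // Reject duplicate certificates inside the chain.
  const seen = new Set();
  for (const cert of x5c) {
    const key = Buffer.from(cert).toString('base64');
    if (seen.has(key)) return 'duplicate certificate in x5c';
    seen.add(key);
  }
  // Reject a chain that carries the trust anchor itself (assumed meaning of
  // "full chain"): the root must come from metadata, not from the response.
  const roots = new Set(metadata.attestationRootCertificates || []);
  for (const key of seen) {
    if (roots.has(key)) return 'x5c contains a metadata root certificate';
  }
  return null;
}
```

A `null` result only means these policy checks passed; signature verification and path validation against the metadata roots still have to follow.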

Daniel Tsai

Aug 9, 2022, 11:59:49 PM
to FIDO Dev (fido-dev), Ackermann Yuriy, FIDO Dev (fido-dev), Daniel Tsai
Hi Yuriy,
Thanks for your reply. How could I update the metadata? Is it from the conformance tool or not? And how do I implement it on the server side?

regards,

Daniel


Ackermann Yuriy

Aug 10, 2022, 2:23:00 AM
to Daniel Tsai, FIDO Dev (fido-dev)
“Download Metadata” button.

Additionally, be aware that the tools moved to the new MDS3 metadata format.
